Tom,
I understand the reason for the CVE; it was UNCLEAR that ALL "create schema" requests within extensions could be affected.
So, following your advice, I commented out the "IF NOT EXISTS" part of the create schema...
I get the following error: (As if the create extension is seeing that I expect a certain schema, and it is creating it for me)
create extension simple_extension;
ERROR: schema "simple_extension" already exists
STATEMENT: create extension simple_extension;
STRANGELY ENOUGH, if I completely comment out the CREATE SCHEMA, this example works.
So, is it more accurate to say:
1) Define the schema in the .control file
2) Let the CREATE EXTENSION command create the schema [No extra syntax, just create extension simple_extension]
Or am I still doing something wrong?
Finally, now I see another side-effect. When I drop the extension, it does not drop the schema!
BUT it allows me to recreate the extension (with the schema present) without errors.
Worse, I can drop the extension, change the owner on the schema to someone else, and recreate the extension.
Something seems off... OR I am clearly doing things incorrectly.
Thanks again.
Kirk Out!
PG Bug reporting form <noreply@postgresql.org> writes:
> Effectively it FEELS like the check for a schema/extension
> "owning/belonging to" a schema/extension is failing.
> In this case, the schema DOES NOT EXIST. And the create if not exists
> FAILS! (Which feels like an edge case.)
This is an intentional change to close a security hole: it is unsafe for
an extension script to use CREATE IF NOT EXISTS this way. (What if
a hostile attacker created the schema? Now you are depending on a
schema that the attacker has ownership privileges on.) Drop the
IF NOT EXISTS clause, if you're expecting the extension to create the
schema.
regards, tom lane
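
A catalog query for auditing the situation discussed in this thread, added here as an example and not part of either message: for each installed extension it reports the target schema, compares the schema owner with the extension owner, and shows whether the schema is tracked as a member object of the extension. It uses only the standard system catalogs (pg_extension, pg_namespace, pg_depend); the column aliases are chosen for this example.

```sql
-- Added example: audit which schema each extension lives in and who owns it.
-- Run in the database being checked, as a role that can read the catalogs.
SELECT e.extname                         AS extension,
       pg_get_userbyid(e.extowner)       AS extension_owner,
       n.nspname                         AS target_schema,
       pg_get_userbyid(n.nspowner)       AS schema_owner,
       -- true: the extension's objects sit in a schema owned by another role,
       -- the dependency the reply above warns about. Expect this for
       -- extensions installed into a shared schema such as "public";
       -- review those rows rather than treating each one as a finding.
       (e.extowner <> n.nspowner)        AS owner_mismatch,
       -- true: any role may create objects in the schema next to the
       -- extension's own objects.
       has_schema_privilege('public'::name, n.oid, 'CREATE')
                                         AS public_can_create,
       -- true: the schema was created by the extension script and is recorded
       -- as a member (deptype 'e'), so DROP EXTENSION removes it too.
       -- false: the schema is only referenced by the extension and stays
       -- behind, with whatever owner it has, after DROP EXTENSION.
       EXISTS (SELECT 1
                 FROM pg_depend d
                WHERE d.classid    = 'pg_namespace'::regclass
                  AND d.objid      = n.oid
                  AND d.refclassid = 'pg_extension'::regclass
                  AND d.refobjid   = e.oid
                  AND d.deptype    = 'e') AS schema_is_member
  FROM pg_extension e
  JOIN pg_namespace n ON n.oid = e.extnamespace
 ORDER BY owner_mismatch DESC, public_can_create DESC, e.extname;
```

Rows with owner_mismatch = true and schema_is_member = false are the ones to check after an extension has been dropped and recreated, since the schema from the earlier install may have changed hands in between.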